Move libcontainerd root inside /var/lib/docker #22164
Closed
Because libcontainerd mounts the container rootfs to /var/run/libcontainerd, and some people mount /var/run into the container. This causes mounts used by other containers to leak into containers that do mount /var/run.

This is really just moving the problem, but since mounting /var/lib/docker into a container is already problematic (for the same reasons), at least we can fix issues of people being able to mount /var/run.
I chose not to change the default exec root path since this also contains other items.
We may want to change this all anyway... and do so before container re-attach is stable, which would complicate this since we couldn't really clean up the old files at that point.
This is a work-around for #21969
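The leak described in this PR can be checked for from inside a running container by reading its mount table. The script below is an added example and is not part of the PR or of Docker itself: it parses a constructed /proc/self/mountinfo sample (the mount IDs, device numbers and container IDs in it are made up) and lists every mount point that sits under a given prefix, defaulting to the /var/run/libcontainerd path the PR moves. Field 5 of each mountinfo line is the mount point, which is the only field the check relies on.

```shell
#!/bin/sh
# Constructed sample of /proc/self/mountinfo as seen inside a container that
# bind-mounted the host's /var/run. Assumed data for illustration only.
SAMPLE_MOUNTINFO='22 28 0:21 / / rw,relatime - overlay overlay rw
23 22 0:22 / /proc rw,nosuid - proc proc rw
30 22 8:1 /var/run /var/run rw,relatime - ext4 /dev/sda1 rw
31 30 0:40 / /var/run/libcontainerd/abc123/rootfs rw,relatime - overlay overlay rw
32 30 0:41 / /var/run/libcontainerd/def456/rootfs rw,relatime - overlay overlay rw
33 30 0:42 / /var/run/docker.sock rw - tmpfs tmpfs rw'

# leaked_mounts [PREFIX]
# Reads mountinfo text on stdin and prints each mount point equal to PREFIX
# or located below it. PREFIX defaults to the libcontainerd root named in the PR.
leaked_mounts() {
    prefix=${1:-/var/run/libcontainerd}
    awk -v p="$prefix" '{ mp = $5; if (mp == p || index(mp, p "/") == 1) print mp }'
}

# count_leaked [PREFIX]
# Runs leaked_mounts over the constructed sample and returns the number of hits.
count_leaked() {
    printf '%s\n' "$SAMPLE_MOUNTINFO" | leaked_mounts "$1" | wc -l | tr -d ' '
}

# Usage inside a real container: ./check.sh --live [PREFIX]
# Reads the live mount table instead of the sample.
if [ "${1:-}" = "--live" ]; then
    leaked_mounts "$2" < /proc/self/mountinfo
fi
```

On the sample, two sibling-container rootfs mounts are visible under /var/run/libcontainerd, which is exactly the leakage the PR describes. A container that is only given the socket file (a bind mount of /var/run/docker.sock rather than the /var/run directory) does not pick up those sibling mounts, so the check reports nothing for it.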